Description
In the Linux kernel, the following vulnerability has been resolved:

mmc: dw_mmc-rockchip: Add missing private data for very old controllers

The really old controllers (rk2928, rk3066, rk3188) do not support UHS
speeds at all, and thus never handled phase data.

For that reason it never had a parse_dt callback and no driver private
data at all.

Commit ff6f0286c896 ("mmc: dw_mmc-rockchip: Add memory clock auto-gating
support") makes the private data sort of mandatory, because the init
function checks whether phases are configured internally or through the
clock controller.

This results in the old SoCs then experiencing NULL-pointer dereferences
when they try to access that private-data struct.

While we could have if (priv) conditionals in all places, it's way less
cluttery to just give the old types their private-data struct.

Published: 2026-06-25
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A missing driver private-data struct in the dw_mmc-rockchip driver causes a NULL-pointer dereference on old SoCs (rk2928, rk3066, rk3188): the init function accesses private data that these controllers, which never supported phase data, were never given. The dereference results in a kernel crash (oops) and can allow an attacker to cause a denial of service by triggering the faulty path. The vulnerability is a classic NULL pointer dereference, CWE-476.
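The failure mode and the chosen fix, as an added user-space C model (not the kernel's code or the actual patch). All struct, field and function names are hypothetical, and the model assumes the private data is allocated by the variant's parse_dt callback, as the description implies.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-ins for the driver private data and the host object. */
struct priv_data { int internal_phase; };
struct host { struct priv_data *priv; };

/* One entry per controller type; parse_dt == NULL means "no private data". */
struct variant {
    const char *name;
    int (*parse_dt)(struct host *h);
};

/* Assumed allocation point: the only place priv is ever set. */
static int alloc_priv(struct host *h) {
    h->priv = calloc(1, sizeof(*h->priv));
    return h->priv ? 0 : -1;
}

/* Shared init that reads priv to decide how phases are configured.
 * The model returns -1 where the kernel would fault on priv == NULL. */
static int common_init(struct host *h) {
    if (!h->priv)
        return -1;                 /* kernel: NULL-pointer dereference (oops) */
    return h->priv->internal_phase ? 1 : 0;
}

/* Probe order: optional parse_dt first, then the shared init. */
static int probe(const struct variant *v) {
    struct host h = { .priv = NULL };
    int ret;
    if (v->parse_dt && v->parse_dt(&h))
        return -2;                 /* allocation failure */
    ret = common_init(&h);
    free(h.priv);
    return ret;
}

/* Before the fix the old type has no callback; the fix gives it one. */
static const struct variant old_before = { "old type, before fix", NULL };
static const struct variant old_after  = { "old type, after fix", alloc_priv };
static const struct variant newer      = { "UHS-capable type", alloc_priv };

int main(void) {
    const struct variant *all[] = { &old_before, &old_after, &newer };
    for (size_t i = 0; i < 3; i++)
        printf("%-22s -> %s\n", all[i]->name,
               probe(all[i]) < 0 ? "would oops (priv == NULL)" : "init ok");
    return 0;
}
```

Giving every variant an allocation callback keeps the shared init free of per-call NULL checks, which is the trade-off the description argues for.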

Affected Systems

The flaw affects Linux kernel builds that include the dw_mmc-rockchip driver and target the very early Rockchip SoCs rk2928, rk3066, and rk3188. Any system that uses those SoCs with an unpatched kernel is vulnerable; kernel releases that give these controllers their private-data struct contain the fix.

Risk and Exploitability

The EPSS score is not available and the vulnerability is not listed in CISA KEV, indicating no currently known exploitation. However, a NULL dereference in kernel space can crash the target machine, providing a local denial of service. The attack vector is local and requires the driver to be initialized at boot or by accessing the mmc subsystem. The absence of reported exploits suggests a moderate risk, but the impact is high if an authorized user can trigger the fault.

Generated by OpenCVE AI on June 25, 2026 at 10:45 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the kernel to a release that includes the fix "mmc: dw_mmc-rockchip: Add missing private data for very old controllers". Commit ff6f0286c896 is the change that made the private data mandatory, not the fix.
  • If a kernel upgrade is not yet possible, backport that fix into the local source tree so that rk2928, rk3066, and rk3188 get their private-data struct.
  • As a temporary mitigation, blacklist or disable the dw_mmc-rockchip module on affected systems so that it does not load during boot.
  • Use a firmware configuration that avoids initializing the mmc subsystem on these SoCs until the patch is applied.


Advisories

No advisories yet.

History

Thu, 25 Jun 2026 11:15:00 +0000

Type | Values Removed | Values Added
Weaknesses | | CWE-476

Thu, 25 Jun 2026 09:15:00 +0000

Type | Values Removed | Values Added
Description | | (same text as the Description section at the top of this page)
Title | | mmc: dw_mmc-rockchip: Add missing private data for very old controllers
First Time appeared | | Linux; Linux linux Kernel
CPEs | | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products | | Linux; Linux linux Kernel
References | |

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-25T08:38:36.850Z

Reserved: 2026-06-09T07:44:35.388Z

Link: CVE-2026-53152

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-25T11:00:11Z

Weaknesses